> For the complete documentation index, see [llms.txt](https://noreply.gitbook.io/born2beroot/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://noreply.gitbook.io/born2beroot/virtual-machine-setup/sudo-policies.md).

# sudo policies

1. The command that we will use will be 

```sh
touch /etc/sudoers.d/sudo_config
```

<figure><img src="/files/V5KmcfMs1RyP8ZCGdWia" alt=""><figcaption></figcaption></figure>

2. Then we must create a directory as is asked in the subject in */var/log/* because each commands need to be logged, the input and output. We will use:

```sh
mkdir /var/log/sudo
```

<figure><img src="/files/bA5D2wM5uGwaXsjc2nTH" alt=""><figcaption></figcaption></figure>

3. We must edit the file that we created in the first step of this section. Use any text editor, but for this guide as is in every screenshot we will use nano. Use:

```sh
nano /etc/sudoers.d/sudo_config
```

<figure><img src="/files/SxZDwmOoFVWBm47P1fDD" alt=""><figcaption></figcaption></figure>

4. Once we are editing the file we must set it up with the following commands:

```
Defaults  passwd_tries=3
Defaults  badpass_message="Mensaje de error personalizado"
Defaults  logfile="/var/log/sudo/sudo_config"
Defaults  log_input, log_output
Defaults  iolog_dir="/var/log/sudo"
Defaults  requiretty
Defaults  secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
```

As it should be on the file:\
![](/files/nAHoGBHab8DAHMGlPhqN)

{% hint style="info" %} <mark style="color:green;">passwd\_tries=3</mark>: Total tries for entering the sudo password.
{% endhint %}

{% hint style="info" %} <mark style="color:green;">badpass\_message="message"</mark>: The message that will show when the password failed.
{% endhint %}

{% hint style="info" %} <mark style="color:green;">logfile="/var/log/sudo/sudo\_config"</mark>: Path where will the sudo logs will be stored.
{% endhint %}

{% hint style="info" %} <mark style="color:green;">log\_input, log\_output</mark>: What will be logged.
{% endhint %}

{% hint style="info" %} <mark style="color:green;">iolog\_dir="/var/log/sudo"</mark>: What will be logged.
{% endhint %}

{% hint style="info" %} <mark style="color:green;">requiretty</mark>: TTY become required
{% endhint %}

{% hint style="info" %} <mark style="color:green;">secure\_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"</mark>: Folders that will be excluded of sudo
{% endhint %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://noreply.gitbook.io/born2beroot/virtual-machine-setup/sudo-policies.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.